Author Topic: Migwiz.exe  (Read 25128 times)

0 Members and 1 Guest are viewing this topic.

dellboy

  • Guest
Migwiz.exe
« on: May 31, 2010, 04:20:13 PM »
Hi,

Just done a full system scan and a threat was found C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe

I've sent it to the chest, but Avast says its malware?

I can't find any conclusive info on this except that migwiz.exe is a file used by files transfer wizard?

Can someone please point me in the right direction.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86530
  • No support PMs thanks
Re: Migwiz.exe
« Reply #1 on: May 31, 2010, 04:29:04 PM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

PapaSmurf

  • Guest
Re: Migwiz.exe
« Reply #2 on: May 31, 2010, 04:32:33 PM »
According to what I have read, it is a file transfer utility from Microsoft.
Possibly maybe something corrupted the file?
You can google the filename and read about it.

Do what DavidR suggests..this will give another report that can be viewed.

dellboy

  • Guest
Re: Migwiz.exe
« Reply #3 on: May 31, 2010, 04:46:16 PM »
Thanks for the really quick replies 8)

Here's the link from Virus total:http://www.virustotal.com/analisis/8e4e9f5e172a4948893eb3189786caadce43e47522292324281ba7812b174383-12753128




dellboy

  • Guest
Re: Migwiz.exe
« Reply #4 on: May 31, 2010, 04:52:21 PM »
I thought I'd scan the migwiz.exe file whilst in the suspect folder, and lo and behold a threat was detected.  The description was Win32:Malware-gen, which after doing a quick Google search doesn't look very encouraging!

Offline rob24

  • Full Member
  • ***
  • Posts: 113
Re: Migwiz.exe
« Reply #5 on: May 31, 2010, 08:45:14 PM »
My daily scheduled scan using Ashquick.exe also found this today. I sent it to the chest and it is also IDd as Win32:Malware-gen. I have submitted it to Avast too.
Intel Core i5 CPU 4 x 3200 Mhz, 8Gb DDR3 RAM, Windows 10 64 bit, Malwarebytes' Anti-Malware 1.6 free, Superantispyware.
Samsung S3 mobile with Avast Mobile Pro and on Lenovo tablet.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86530
  • No support PMs thanks
Re: Migwiz.exe
« Reply #6 on: May 31, 2010, 09:13:03 PM »
I thought I'd scan the migwiz.exe file whilst in the suspect folder, and lo and behold a threat was detected.  The description was Win32:Malware-gen, which after doing a quick Google search doesn't look very encouraging!

If you had excluded that folder as I suggested in the above instructions then you shouldn't have found anything.

The avast Win32:Malware-gen is generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

So a search on this malware name is unlikely to reveal any useful 'specific' information on what it actually is.

Unfortunately your URL to the VT results doesn't work, so how many detections and what detected it (only avast and gdata, etc.) ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86530
  • No support PMs thanks
Re: Migwiz.exe
« Reply #7 on: May 31, 2010, 09:15:44 PM »
My daily scheduled scan using Ashquick.exe also found this today. I sent it to the chest and it is also IDd as Win32:Malware-gen. I have submitted it to Avast too.

The strange thing is that a search of my system for this file only reveals one in the c:\windows\system32 folder and a scan of that with ashquick.exe finds it clean.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

rambo1940

  • Guest
Re: Migwiz.exe
« Reply #8 on: May 31, 2010, 10:14:50 PM »
I have just done a scan and found the same thing.
I have also looked up Migwiz on Google and am none of the wiser.
Could someone please tell me in simple English.
(1) What is Migwiz
(2) why did the scan find it
(3) should i remove it.At the moment it is locked up in the vault.
(4)If it is not a virus or similar why did Avast pick it up.
(5)What should i do now.

Sorry to sound so stupid but i really don't understand.
Help would be much appreciated,
Thank you.
Regards.
 

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33595
  • malware fighter
Re: Migwiz.exe
« Reply #9 on: May 31, 2010, 10:31:51 PM »
Hi posters in this thread,

Here it is qualified as benign:
 migwiz.exe - Process Information

This component is part of  MS Windows Files and Settings Transfer Wizard


Component Name: migwiz.exe

Description of : With the use of a direct connection cable and this program,
you will be able to transfer all settings and files from an old computer to a new one.
info: http://www.liutilities.com/products/wintaskspro/processlibrary/migwiz/
Further: http://www.spyfu.com/Term.aspx/Term.aspx?t=997090

Recommendation for :
.

Trusted: Yes
Trojan: No
Chronic: No
Adware: No
Carrier: No
Browser Hijacker: No
Dialer: No
Commercial Keylogger: No
Remote Administration Tool: No
Suspected: No

Company Name: Microsoft Corporation
Platforms Affected: 
Methods of Distribution: .
Variants/Versions: 
Release Date: ,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

rambo1940

  • Guest
Re: Migwiz.exe
« Reply #10 on: May 31, 2010, 10:35:13 PM »
That's great
Thank you

Offline rob24

  • Full Member
  • ***
  • Posts: 113
Re: Migwiz.exe
« Reply #11 on: May 31, 2010, 10:42:59 PM »

Here it is qualified as benign:
 migwiz.exe - Process Information

This component is part of  MS Windows Files and Settings Transfer Wizard
Is it OK to leave it in the Chest as I have in that case, or is the file needed for the MS process you describe, when the time comes to carry out that process. In other words, will the Wizard fail in the absence of that file?
I was happy enough got it to stay safely in the Chest before knowing that, even if it had been a threat.
Intel Core i5 CPU 4 x 3200 Mhz, 8Gb DDR3 RAM, Windows 10 64 bit, Malwarebytes' Anti-Malware 1.6 free, Superantispyware.
Samsung S3 mobile with Avast Mobile Pro and on Lenovo tablet.

fernbomb

  • Guest
Re: Migwiz.exe
« Reply #12 on: May 31, 2010, 11:41:09 PM »
I got this today as well, and I moved it to the chest. Is it possible this is just a false positive?

Gargamel360

  • Guest
Re: Migwiz.exe
« Reply #13 on: May 31, 2010, 11:58:28 PM »
Looks like it.
Polonus knows his malware. :)
He posted his source if you would care to check yourself.

MAG

  • Guest
Re: Migwiz.exe
« Reply #14 on: June 01, 2010, 06:08:24 PM »
I got the same thing with a scan yesterday. Moved migwiz.exe to the chest yesterday. Did a right click avast scan on it inside the chest today (with latest virus database) and it says "migwiz.exe - no virus", so I assume it was just a false positive in yesterdays virus database release?